OSINT Methodology: Building a Framework That Works
A practical breakdown of how to structure OSINT investigations — from defining objectives to organizing collected data into actionable intelligence.
Writing
Simple Mail Transfer Protocol (SMTP)? Good For You, Better For Me!
SMTP is the backbone of email — and a goldmine for attackers. Open relays, spoofing, directory harvest attacks, and how to lock it all down.
Social Media Woes: What an Attacker Can Find on Social Media
What happens when employees overshare on social media? Badge photos, job announcements, and personal details become attack vectors. Here's how attackers exploit it and how organizations can fight back.
Phishing Detector Browser Extension
A browser extension designed to detect and alert users about potential phishing websites.
A Penetration Tester's Best Friend – Multicast DNS (mDNS), Link-local Multicast Name Resolution (LLMNR), and NetBIOS-Name Services (NetBIOS-NS)
How legacy name resolution protocols like mDNS, LLMNR, and NetBIOS-NS are exploited by penetration testers for credential harvesting, and how to remediate them.
Attack Surface Reduction: A Guide for Personal Life
A guide to reducing your personal digital attack surface through account management, strong passwords, and proactive security practices.
Google Allows for .zip and .mov Top-Level Domain (TLD)
How Google's introduction of .zip and .mov top-level domains creates new phishing and malware delivery attack vectors.
How Learning Code Helps With Penetration Testing
How learning to code enhances penetration testing through automation, tool comprehension, and safer execution in client environments.
Mobile Application Penetration Testing – What's the Point?
Why mobile application penetration testing matters, how security professionals audit mobile apps, and best practices users can follow to protect their data.
Navigating Security Risks in AI & Large Language Models
An exploration of security risks in large language models, including prompt injection and insecure output handling, with guidance on staying secure.
Securing Your Smart Contracts: 3 Common Vulnerabilities & How to Prevent Them
A breakdown of the three most common smart contract vulnerabilities -- reentrancy attacks, insecure arithmetic, and access control flaws -- with real-world examples and prevention strategies.
The Impact of Data Brokers: Uncovering Their Role in Data Breaches
An exploration of how data brokers contribute to data breaches by aggregating personal information that cybercriminals weaponize for social engineering and phishing attacks.
Unlocking LSA Secrets: Key Security Risks to Consider
An overview of Windows LSA secrets, how attackers can extract stored credentials from the registry, and steps to protect against credential dumping.
Advanced Firebase Exploitation: Risks, Attack Techniques, Mitigations, and Detection
Firebase's flexibility introduces multiple attack surfaces. A deep dive into misconfigured rules, weak authentication flows, privilege escalation, and how to defend against them.
Why GrapheneOS is the Best Android ROM: A Deep Dive into Privacy, Security, and Usability
GrapheneOS takes Android's open-source architecture and hardens it with advanced sandboxing, kernel security, and a de-Googled experience. Here's why it's the best ROM for privacy and security.
CDN Phishing Walkthrough
A walkthrough on setting up Azure CDN phishing infrastructure using EvilGoPhish for authorized red team engagements.
Security Safety Tips
A practical guide covering data removal, password security, public area safety, and home security best practices.
Warhorse Configuration File
An example Warhorse phishing configuration file for automating red team infrastructure deployment.